Need a routing trick


This topic contains 0 replies, has 0 voices, and was last updated by  cdpearce 5 years, 2 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #43997

    cdpearce
    Participant

    I have some servers that I have set up on an internal LAN which I have made accessible using the “Virtual Servers” table set up so that a request to an external IP address on ETH0 gets mapped to the server’s IP address on ETH1 for the services I want to make visible. That all works fine.

    I also have a guest LAN that I do not want to give access to all my internal systems, so I have separated it out onto ETH2, and have set up an entry in the FORWARD table so that packets cannot route from ETH2->ETH1, but I want the guests to have Internet access, so ETH2->ETH0 is allowed.

    The problem is I cannot access the published services from a client on ETH2. It cannot access the server directly using the internal IP address on ETH1 because that is explicitly blocked. But, I can’t access it on the external IP address either. I guess Linux applies the Virtual Server mapping to an address on ETH1 before routing the packet so by the time it does get routed it has turned back into the same internal IP address that is blocked by the FORWARD table entry.

    There is probably either an obvious or clever way of getting around this. Any thoughts, other than creating a higher priority FORWARD table rule for each target server?

    #53396

    Hummel
    Member

    Hi,

    Have you tried additional FORWARD rules to make the internal IP accessible?
    Something like:
    Input: ETH2
    Output: ETH1
    Destination IP: server address in the ETH1 subnet

    and vice versa.

    Regards,
    hummel
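
The following is an added example, not part of either post: a shell function that prints the FORWARD rules the reply suggests, plus a generic alternative (going beyond the thread) that accepts only connections rewritten by DNAT, so no per-server rule is needed. It assumes the "Virtual Servers" table is implemented as netfilter DNAT rules that also match traffic arriving on ETH2; the interface names and the sample address 192.168.1.10 are constructed.

```shell
#!/bin/sh
# Added example. Interface names follow the thread's ETH0/ETH1/ETH2 labels;
# the actual device names are assumptions.
WAN_IF=${WAN_IF:-eth0}      # Internet side
LAN_IF=${LAN_IF:-eth1}      # internal servers
GUEST_IF=${GUEST_IF:-eth2}  # guest LAN

# Print FORWARD rules in iptables-restore syntax.
#   no arguments      -> one generic rule keyed on conntrack's DNAT state
#   ip:proto:port ... -> one rule per published service (IPv4 only),
#                        e.g. 192.168.1.10:tcp:443 (constructed address)
guest_forward_rules() {
    printf '%s\n' '*filter'
    # Return traffic for connections accepted below (the "vice versa" part).
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    if [ "$#" -eq 0 ]; then
        # The filter FORWARD chain runs after nat PREROUTING, so it sees the
        # rewritten internal address. ctstate DNAT matches only connections
        # whose destination was rewritten, i.e. ones that arrived through a
        # published mapping; direct guest->LAN traffic does not match.
        printf '%s\n' "-A FORWARD -i $GUEST_IF -o $LAN_IF -m conntrack --ctstate DNAT -j ACCEPT"
    else
        for svc in "$@"; do
            ip=${svc%%:*}; rest=${svc#*:}
            proto=${rest%%:*}; port=${rest#*:}
            # The port is the post-DNAT (internal) port.
            printf '%s\n' "-A FORWARD -i $GUEST_IF -o $LAN_IF -d $ip -p $proto --dport $port -j ACCEPT"
        done
    fi
    # The exceptions above must precede the guest->LAN block.
    printf '%s\n' "-A FORWARD -i $GUEST_IF -o $LAN_IF -j DROP"
    printf '%s\n' "-A FORWARD -i $GUEST_IF -o $WAN_IF -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

guest_forward_rules "$@"
```

Loading this output with `iptables-restore` replaces the filter table unless `--noflush` is given, so on a firewall managed by its own interface treat it as rules to merge; `iptables-restore --test` parses it without committing. The per-service form also lets guests reach those ports via the internal address, whereas the DNAT form only admits traffic sent to the published external address.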
